This tip, excerpted from Network Intrusion Detection: An Analyst's Handbook, by Stephen Northcutt and Judy Novak, published by New Riders, offers the first step in making your network
Intrusion-detection systems exist to help computer system managers deal with security problems. To understand where intrusion detection fits in the security world, you should understand the cause of system security problems. Several models address the etiology of security problems in computer systems. I find it helpful to group system security problems into three categories. Most security scenarios result from problems that fall into one or more of these areas.
--Problems in systems design and development: Problems resulting from errors and omissions occurring in the system design and development process.
--Problems in systems management: Problems resulting from mismanagement of systems after they are placed in operational use. This area includes making mistakes in system configuration; disabling security mechanisms on systems (or never enabling them!); or failing to establish security management policies, procedures and practices.
--Problems in allocating trust appropriately: Problems resulting from a failure to accurately assess trust. This area encompasses situations in which there is an assumption of trustworthiness when no compelling evidence supports that assumption. This area includes problems in network protocols (Transmission Control Protocol/Internet Protocol, or TCP/IP, features many notorious examples), cryptographic protocols and policy.
Related book Network Intrusion Detection: An Analyst's Handbook, Second Edition
Authors : Stephen Northcutt and Judy Novak
Publisher : New Riders
ISBN/CODE : 0735710082
Cover Type : Soft Cover
Pages : 480
Published : Sept. 2000
Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Network Intrusion Detection: An Analyst's Handbook, Second Edition is a training aid and reference for intrusion-detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data.
This was first published in October 2000